Menu
I have a set of cloudwatch logs in json format that contain a username field. How can I write a cloudwatch metric query that counts the number of unique users per month?
716
SampleCount is the number of data points during the period. Sum is the sum of the values of the all data points collected during the period. Average is the value of Sum/SampleCount during the specified period. Minimum is the lowest value observed during the specified period.
You can add tags to existing rules by using the tag-resource AWS CLI command and the TagResource API. Metric streams – You can tag metric streams when you create them by using the put-metric-stream AWS CLI command and the PutMetricStream API.
You can now do this! Using CloudWatch Insights.
API: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_StartQuery.html
I am working on a similar problem and my query for this API looks something like:
fields @timestamp, @message
| filter @message like /User ID/
| parse @message "User ID: *" as @userId
| stats count(*) by @userId
To get the User Ids. Right now this returns with a list of them then counts for each one. Getting a total count of unique can either be done after getting the response or probably by playing with the query more.
You can easily play with queries using the CloudWatch Insights page in the AWS Console.
117
Now you can count unique field values using the count_distinct instruction inside CloudWatch Insights queries.
Example:
fields userId, @timestamp
| stats count_distinct(userId)
More info on CloudWatch Insights: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/AnalyzingLogData.html
22
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
